Kerberos Discovery Specialist – £660/day (Inside IR35) – Hybrid, London
We’re seeking a Kerberos Discovery Specialist to lead the initial assessment and discovery phase of enterprise authentication systems. This role focuses on understanding and documenting existing Kerberos implementations, uncovering risks, and defining improvements to strengthen authentication and password management processes across complex environments.
Key Responsibilities
* Lead the discovery phase for authentication and password management across large enterprise environments.
* Investigate existing Kerberos implementations, configurations, and integrations across Windows, Linux, and Active Directory.
* Identify and document current processes, including password reset procedures, application authentication, and service account management.
* Assess and map dependencies between applications and Kerberos authentication flows.
* Analyse and highlight risks and gaps in current Kerberos setups (SPNs, delegation, ticket lifetimes, trust relationships, etc.).
* Recommend and implement mitigations for Kerberos-related risks and password management issues.
* Collaborate with stakeholders and technical teams to validate findings and propose improvements.
* Develop detailed technical documentation outlining existing configurations, discovered issues, and recommended remediation actions.
* Support the setup, configuration, and validation of applications requiring Kerberos integration.
* Produce clear process documentation for authentication and password management, supporting future operational teams.
Essential Skills & Experience
* Proven hands-on expertise with Kerberos authentication, including SPNs, delegation, cross-realm trust, and ticket management.
* Experience leading discovery and analysis phases within complex enterprise environments.
* Strong background in Active Directory, Windows Server security, and Linux Kerberos integration.
* Practical experience with password reset and identity lifecycle management processes.
* Skilled in authentication troubleshooting tools (Wireshark, klist, setspn, event logs).
* Strong analytical and documentation skills — able to capture “as-is” states and define “to-be” improvements.
* Confident communicator, comfortable working with both technical and non-technical stakeholders.
Desirable
* Experience documenting Kerberos-related operational processes and risks within government or regulated sectors.
* Familiarity with identity and access management (IAM) platforms and password management solutions.
* Exposure to risk mitigation and remediation planning for authentication or identity services.